ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-742 All Questions

View all questions & answers for the 70-742 exam
Go to Exam

Exam 70-742 topic 1 question 264 discussion

Actual exam question from Microsoft's 70-742
Question #: 264
Topic #: 1
[All 70-742 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.
PS C:\> (Get-ADForest).ForestMode

Windows2008R2Forest -
PS C:\> (Get-ADDomain).DomainMode

Windows2008R2Domain -
PS C:\>
You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.
Solution: You run adprep.exe from the Windows Server 2016 installation media.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Device Registration requires Windows Server 2012 R2 forest schema. We can run adprep.exe to upgrade the schema.
References:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-server-with-device-registration-service https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers-to-windows-server-2012-r2-and-windows-server-2012
by Sempol at July 2, 2019, 5:26 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dan
Highly Voted 5 years, 7 months ago
after reviewing multiple sites on this issue the answer is correct. Schema needs to be at 2012 R2 to support device registration - by adding the 2016 server and running adprep that will automatically upgrade the schema to 2016. https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-server-with-device-registration-service https://theitbros.com/upgrading-active-directory-schema/
upvoted 8 times
...
MiMo
Highly Voted 5 years, 6 months ago
The provided answer is correct if you check the powershell PS C:\> (Get-ADForest).ForestMode Windows2008R2Forest PS C:\> (Get-ADDomain).DomainMode Windows2008R2Domain PS C:\> both domain and forest are 2008 and need to be upgraded, therefore we need to use adprep to rasie them
upvoted 7 times
...
lofzee
Most Recent 4 years, 3 months ago
Tricky one but I think the answer is yes. People in this chat seem to get confused between AD Schema version and Domain/Forest Functional levels - they're completely different things. New installs of ADFS 2016 require AD Schema 2016 (version 85). ADFS DRS requires Schema 2012 R2. Installation of Windows Server 2012 and up DCs automatically upgrade the Schema. We have 2012 R2 DCs here, so we can assume the AD Schema is at a level of 2012 R2 (because this happens automatically). Therefore, adprep should upgrade the AD Schema to 2016, which will be enough for ADFS 2016. Answer = Yes, still not 100% but about 90-95% sure.
upvoted 1 times
...
Alma30
4 years, 4 months ago
Guys this won't work, why? cause: for DRS you need Schema 2012R2 or higher which we have already, for ADFS 2016you need you will need active directory schema2016 and a 2016 domain controller for the passport work. by running adprep you maybe have the 2016 Schema but you still won't have the 2016-DC which means that it won't work but if you upgrade a DC to 2016, since adprep will be done automatically then you have 2016 Schema + 2016 DC for the passport work. I hope it was helpful
upvoted 1 times
...
murinha10
4 years, 5 months ago
The correct answer is YES
upvoted 1 times
...
highfiveme
4 years, 7 months ago
"Domain functional-level requirements All user account domains and the domain to which the AD FS servers are joined must be operating at the domain functional level of Windows Server 2003 or higher. Most AD FS features do not require AD DS functional-level modifications to operate successfully. However, Windows Server 2008 domain functional level or higher is required for client certificate authentication to operate successfully if the certificate is explicitly mapped to a user's account in AD DS. Schema requirements AD FS does not require schema changes or functional-level modifications to AD DS. To use Workplace Join functionality, the schema of the forest that AD FS servers are joined to must be set to Windows Server 2012 R2." - https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/design/ad-fs-requirements#BKMK_2 The adprep console utility will upgrade the Active Directory schema to add new object types required by the new operating system. -https://u-tools.com/help/UpgradeRunAdprep.asp
upvoted 1 times
...
jam7272
4 years, 7 months ago
This is correct. Device Registration requires a 2012R2 schema. This will already be in place due to the presence of the 2012R2 DCs. So that can be ignored. The important point is that a new ADFS install requires a 2016 schema. This is achieved by running adprep.
upvoted 1 times
...
daluadanilo
4 years, 9 months ago
What does Adprep.exe do? Adprep.exe has parameters that perform a variety of operations that help prepare an existing Active Directory environment for a domain controller that runs a later version of Windows Server. Not all versions of Adprep.exe perform the same operations, but generally the different types of operations that Adprep.exe can perform include the following: Updating the Active Directory schema Updating security descriptors Modifying access control lists (ACLs) on Active Directory objects and on files in the SYSVOL shared folder Creating new objects, as needed Creating new containers, as needed
upvoted 1 times
daluadanilo
4 years, 9 months ago
answer is B unfortunately and then you can't raise the forest level until you execute "Set-ADForestMode -ForestMode Windows2016Forest" for example
upvoted 1 times
...
...
Kamikazekiller
4 years, 10 months ago
answer is: A. YES
upvoted 2 times
...
TooManyExams
4 years, 10 months ago
Please understand the difference between schema level and functional level. Schema is extended by ADPrep or DCPromo of a higher level DC. However that means you CAN increase the functional level. ADFS requirements are for the schema not the forest functional level.
upvoted 1 times
...
khalid86
5 years ago
AD FS requires Domain controllers running Windows Server 2008 or later. AD FS with support for Device Registration requires a Forest Schema of Server 2012 R2 or higher. New installations of AD FS 2016 require the Active Directory 2016 schema (minimum version 85). https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-requirements#BKMK_4
upvoted 2 times
khalid86
4 years, 11 months ago
Running adprep.exe will upgrade schema. Answer is YES
upvoted 1 times
...
...
ShockwaveXYZ
5 years, 2 months ago
Since this is a new installation of adfs on a windows server 2016 server the schema needs to be upgraded. device registration only requires server 2012 adfs, but since you are installing adfs on a server 2016 server you need to upgrade a domain controller to the same level as the new adfs server. "Schema requirements New installations of AD FS 2016 require the Active Directory 2016 schema (minimum version 85). Raising the AD FS farm behavior level (FBL) to the 2016 level requires the Active Directory 2016 schema (minimum version 85)." https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-requirements
upvoted 3 times
...
Nhan
5 years, 2 months ago
The asnwer is correct. You need to run adprep to upgrade the domain Functional level to 2012 or 2016. adprep.exe is the first step that you can run month or years before the upgrade take place. 70-740.
upvoted 1 times
...
Arya1991
5 years, 2 months ago
Since there is a server 2016 in the domain does it make a sense that Forest schema is also 2016? Forest schema is 2012 only because domain controllers are 2012 version? Server version doesn’t affect Forest schema?
upvoted 2 times
Rafic
4 years, 9 months ago
Its just a 2016 member server not domain controller, so we still need to update the schema to 2016 for new ADFS installation.
upvoted 2 times
...
...
[Removed]
5 years, 3 months ago
The correct answer is A, but the stated reason is wrong. Device Registration requires 2012 R2 schema, but this has already been done by adding at least one domain controller with a Windows Server 2012 R2 OS. The focus here should be on the "new AD FS deployment on Windows Server 2016" as per the following link "New installations of AD FS 2016 require the Active Directory 2016 schema": https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-requirements#BKMK_4 So running adprep.exe from the Windows Server 2016 installation media with the right switches will update the schema to the 2016 schema version.
upvoted 5 times
lbs
4 years, 11 months ago
I agree with the explanation. Answer is correct.
upvoted 1 times
...
...
coleman
5 years, 5 months ago
i believe it is correct
upvoted 1 times
...
Gary
5 years, 6 months ago
B. Because we didn't have windows server 2016 DC.
upvoted 2 times
sTeVe86
5 years, 4 months ago
All domain controllers run Windows Server 2012 R2. So I believe adprep is able to upgrade to 2012 schema.
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago